<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2023/12/31
 * Time: 12:31
 */

namespace app\common\service;

use sookie\auth\models\Adminuser;
use sookie\auth\models\SysRbacPermissions;
use sookie\react\handlers\CommonHandler;
use sookie\statistical\models\SysAccessLog;
use yii\helpers\ArrayHelper;

class AuthChecker extends \sookie\bootstraps\handlers\AuthChecker
{
    /**
     * @param $route
     * @param bool $group
     * @param bool $write_access_log
     * @return array
     * @throws \yii\db\Exception
     */
    public static function doCheck($route,$group = false,$write_access_log = false){
        $default = [
            "ok" => true,
            "code" => 200,
            "msg" => "权限校验通过",
            "servertime" => time()
        ];

        //不需要登录的模块
        $notLoginAllowModules = ArrayHelper::merge(\Yii::$app->params["notLoginAllowModules"],[

        ]);
        if(in_array(\Yii::$app->controller->module->id,$notLoginAllowModules)){
            return $default;
        }

        //未登录用户可访问的路由
        $notLoginAllowRoutes = ArrayHelper::merge(\Yii::$app->params["notLoginAllowRoutes"],[
            "/auth/core/captcha",
            "/auth/core/login",
        ]);

        if (in_array($route,$notLoginAllowRoutes)){
            return $default;
        }



        // ACF 权限控制
        $userInfo = Adminuser::getUserInfo();

        if (!$userInfo){
            return ArrayHelper::merge($default,["ok" => false,"code" => 10001,"msg" => "请先登录"]);
        }

        //登录用户可访问的路由
        $loginAllowRoutes = ArrayHelper::merge(\Yii::$app->params["loginAllowRoutes"],[
            "/auth/core/logout",
            "/auth/core/user",
            "/auth/core/info",
            "/auth/core/reset",
            "/auth/menu/list",
        ]);

        if (in_array($route,$loginAllowRoutes)){
            return $default;
        }

        // 针对后台进行RBAC权限校验
        if (GROUP == "admin" || $group == "admin"){

            if (in_array($userInfo->username,["admin","root"])){
                return $default;
            }

            //设置user组件
            \Yii::$app->user->setIdentity($userInfo);

            //不在权限列表的路由，全部放行
            $allPermissions = SysRbacPermissions::find()->select("name,id")->asArray()->indexBy("id")->column();
            if (!in_array($route,$allPermissions)){
                return $default;
            }

            $havePermissons = Adminuser::getUserPermissionsByIDCache($userInfo->id);

            if (in_array($route,$havePermissons)){
                if ((\Yii::$app->request->isPost || \Yii::$app->request->isGet) && $write_access_log){
                    $detailModel = SysRbacPermissions::find()->where(["name" => $route])->select("description")->one();
                    if ($detailModel){
                        $detail = str_replace("菜单显示","访问模块",$detailModel->description);
                        //写入访问信息
                        $data = [
                            "user_id" => $userInfo->id,
                            "ip" => \Yii::$app->request->getUserIP(),
                            "type" => 1,
                            "access_time" => time(),
                            "detail" => $detail
                        ];
                        SysAccessLog::getDb()->createCommand()->insert(SysAccessLog::tableName(),$data)->execute();
                    }
                }
                return $default;
            }

            return ArrayHelper::merge($default,["ok" => false,"code" => 403,"msg" => "你没有执行该操作的权限"]);
        }

        return $default;
    }
}